
According to password cracking experts, “It is unlikely any other document has been as influential [as past NIST guidelines] in shaping password creation and use policies.”
For over a year, the NIST has been drafting new rules and recommendations for protecting digital identities. This June, the result was finally published.
Substantial changes have been introduced since the NIST’s last publication in August 2013, many concerned with passwords. The NIST advises agencies to jettison outdated password complexity rules in favor of user-friendliness. It also introduces new password encryption standards and requires multi-factor authentication for any service involving sensitive information.
